Bug 1007447 - check for active sessions not troll proc for uids
check for active sessions not troll proc for uids
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: sssd (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jakub Hrozek
Kaushik Banerjee
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-12 09:54 EDT by Dmitri Pal
Modified: 2015-03-05 05:27 EST (History)
7 users (show)

See Also:
Fixed In Version: sssd-1.12.0-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-03-05 05:27:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Dmitri Pal 2013-09-12 09:54:27 EDT
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/sssd/ticket/2084

When we want to check if a user is logged in (in oreder to decide, for example. whether to keep an old random FILE cache type name) we currently troll /proc to find if any user proces for that uid is present.

We should instead use proper system session management (libsystemd-login and utmp as fallback) to check if a user is actually logged in or not.

It will be faster and cleaner.

We need to just release note this issue. No special QE effort required.
Comment 1 Jakub Hrozek 2013-09-16 09:56:56 EDT
Fixed upstream.
Comment 2 Jenny Galipeau 2013-09-19 09:14:01 EDT
please add steps to reproduce
Comment 3 Jakub Hrozek 2013-09-19 11:24:18 EDT
This is an improvement in functionality, so not much to "reproduce". But to make sure that the functionality to detect the user is logged in still works, do the following:

1) login from one terminal with ssh
type klist to see the ccache
2) login from another terminal as the same user
type klist again. It should be the same ccache path.

Please also test different methods of login, at least ssh and su. Sumit found out that with the current git head, su doesn't really work reliably.
Comment 6 Martin Kosek 2014-06-17 08:13:50 EDT
Fixed upstream:

b49a7d90708e816120ff88ce5a88fa62b35ff795
Comment 8 Kaushik Banerjee 2015-01-13 09:11:44 EST
Verified with sssd-1.12.2-39.el7

Output from beaker automation run:
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ1007447 Validate ccache name for multiple logins
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Redirecting to /bin/systemctl stop  sssd.service
Redirecting to /bin/systemctl start  sssd.service
:: [ 08:35:28 ] :: Sleeping for 5 seconds

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_1
-bash-4.2$ exit


spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:33:28 2015
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_2
-bash-4.2$ exit

spawn ssh -o StrictHostKeyChecking=no puser1@localhost
puser1@localhost's password: 
Last login: Tue Jan 13 08:35:34 2015 from localhost
Could not chdir to home directory /home/puser1: No such file or directory
-bash-4.2$ klist | head -2 > /tmp/klist_ssh_ccache_name_3
-bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_2 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_ssh_ccache_name_3 /tmp/klist_ssh_ccache_name_1'' (Expected 0, got 0)


spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_1
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_2
bash-4.2$ exit

spawn su --shell /bin/sh nobody
sh-4.2$ su puser1
Password: 
bash-4.2$ klist | head -2 > /tmp/klist_su_ccache_name_3
bash-4.2$ exit

:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_2 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
:: [  BEGIN   ] :: Running 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1''
:: [   PASS   ] :: Command 'strict eval 'diff /tmp/klist_su_ccache_name_3 /tmp/klist_su_ccache_name_1'' (Expected 0, got 0)
BZ1007447-Validate-ccache-name-for-multiple-logins result: PASS
Comment 10 errata-xmlrpc 2015-03-05 05:27:16 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0441.html

Note You need to log in before you can comment on or make changes to this bug.